virtumonde.G giving spyware removal the run around

Guest

I have used several spyware removal programs (Ad-Aware SE, Defender, Spybot
S&D) to identify and try to remove Virtumonde.G. Defender and Ad-Aware can
both identify it and try to remove the spyware. The programs say they
destroy the threat, but after doing a second scan, the spyware has returned.
I tried using Symantec's automatic removal tool for Vundo (Virtumonde,
Virtumonde.B, Trojan.Vundo). It too says it has removed the threat, but
after doing another sweep with the removal tool, the threat has returned.
Finally I tried removing the threat manually using Symantec's instructions for
removing Vundo; however, none of the registry commands Symantec claims should
be there are there in the registry. If anyone can help me stump this bug, I
welcome all suggestions.
 
robinb

plun, what happens if you let the software Ewido expire after the 30-day
period? What will not work anymore? They say it becomes freeware with
limitations. Can you still get updates for it (definitions)?
robin
 
plun

Hi again robinb

Ewido expires and you lose your "guard", i.e. real-time protection.

After this you can perform _manual_ updates and the scanner works.
Ewido is using a numbering system for definitions.

A lot of users scan, scan and scan instead of understanding/using RTP
protection. So AVG Free and Ewido for $30/year is a really good choice
for RTP protection for both viral and spyware infests.

Nevertheless... the major challenge nowadays is to make users
understand about risky sites; within every cleaning forum you see
traces within logs from users who have visited prOn, gambling, p2p
sites (majority).

I would say that free XXX sites and serial/cracks sites are the most
dangerous ones..... "social engineering".... and the bad guys really
use this fact.

If a user also uses a non-patched PC, this user will directly be a
zombie for spamming, DDoS attacks etc...

And users must learn this.....

regards
plun
 
Debby Hanoka

Have you booted into Safe Mode and then scanned? Try that and
let us know what happens.

Debby Hanoka
dhanoka at earthlink dot net
 
robinb

Oh, if it behaves on my computer I will purchase it and so will my clients. I
just want to give it the full time to see. And you are so right: if you take
shortcuts you deserve what you get.
Unfortunately, when someone (an adult especially) buys a computer, no one tells
them what they need to protect themselves. Believe me, those are my best
customers. They get virus protection, usually whatever the company throws
on for a 3 mth trial, and they think this is sufficient. Do they update it?
No. Do they purchase it? Maybe. Most think, well, it is on the computer, the
computer will make it work right---NOT.
Most do not understand what will happen, and manufacturers are only out for
the big bucks to sell them a computer, not how to take care of it.
And worse, most of these people are not stupid but are very naive.
robin
 
Robin

plun, in Ewido, explain this part to me please:
on the Shield tab, for the Files and Memory box, does that mean when the
resident shield first loads in Windows on startup it checks files and
memory? Or does it do it when it is scanning only?
Thanks
robin
 
plun

Hi

The resident shield is a real-time protection.

When you start an application you execute a start file.
This executable file also "starts" other files and uploads them into
your RAM memory as running processes. Ewido checks these files directly
and compares them with definitions to see if they are malicious.

Ewido with the shield running therefore protects your PC in _real time_.

With a manual scan you check your files and compare them with
definitions/signatures within your protection program.

Your antivirus program also uses the same technique; some antivirus
scanners also use heuristic detection when a malicious file
cannot directly be detected from definitions (some problems with
false/positives).

You can see this with the Analysis function within Ewido 4.0.

Also with Process Explorer from Sysinternals.
http://www.sysinternals.com/Utilities/ProcessExplorer.html


WD also has a good RTP, but Ewido is better with today's junk if
a user visits so-called "risky/dirty sites". So if a user just
visits stupid commercial sites using 180 Solutions, Hotbar,
Screensavers etc etc, WD is enough.

Hope this helps... ;)

regards
plun
 
